diff --git a/deploy/iso/minikube-iso/package/docker-bin/docker-bin.mk b/deploy/iso/minikube-iso/package/docker-bin/docker-bin.mk
index 7120f61a4364..e1ee3680dace 100644
--- a/deploy/iso/minikube-iso/package/docker-bin/docker-bin.mk
+++ b/deploy/iso/minikube-iso/package/docker-bin/docker-bin.mk
@@ -42,4 +42,10 @@ define DOCKER_BIN_INSTALL_TARGET_CMDS
 		$(TARGET_DIR)/bin/docker-proxy
 endef
 
+define DOCKER_BIN_INSTALL_INIT_SYSTEMD
+	$(INSTALL) -D -m 644 \
+		$(BR2_EXTERNAL)/package/docker-bin/docker.socket \
+		$(TARGET_DIR)/usr/lib/systemd/system/docker.socket
+endef
+
 $(eval $(generic-package))
diff --git a/deploy/iso/minikube-iso/package/docker-bin/docker.socket b/deploy/iso/minikube-iso/package/docker-bin/docker.socket
new file mode 100644
index 000000000000..7dd95098e4ad
--- /dev/null
+++ b/deploy/iso/minikube-iso/package/docker-bin/docker.socket
@@ -0,0 +1,12 @@
+[Unit]
+Description=Docker Socket for the API
+PartOf=docker.service
+
+[Socket]
+ListenStream=/var/run/docker.sock
+SocketMode=0660
+SocketUser=root
+SocketGroup=docker
+
+[Install]
+WantedBy=sockets.target
diff --git a/pkg/provision/buildroot.go b/pkg/provision/buildroot.go
old mode 100644
new mode 100755
index bf027b9b45b7..8a50a5b0728c
--- a/pkg/provision/buildroot.go
+++ b/pkg/provision/buildroot.go
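Review bot: `DOCKER_BIN_INSTALL_INIT_SYSTEMD` copies docker.socket into `$(TARGET_DIR)/usr/lib/systemd/system` but never enables it, so unless the ISO build runs a preset step that honours the unit's `[Install]` section, `sockets.target` will not pull the socket in and nothing creates /var/run/docker.sock until docker.service starts on its own. The usual Buildroot pattern adds the wants-link in the same define: `mkdir -p $(TARGET_DIR)/etc/systemd/system/sockets.target.wants` followed by `ln -sf ../../../../usr/lib/systemd/system/docker.socket $(TARGET_DIR)/etc/systemd/system/sockets.target.wants/docker.socket`. A one-line comment above the define, `# Socket-activate the API socket so it exists with group docker / mode 0660 before the daemon is up`, would also tell the next reader why the unit is shipped at all.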
@@ -20,16 +20,23 @@ import (
 	"bytes"
 	"fmt"
 	"path"
+	"path/filepath"
 	"text/template"
 	"time"
 
 	"github.com/docker/machine/libmachine/auth"
+	"github.com/docker/machine/libmachine/cert"
 	"github.com/docker/machine/libmachine/drivers"
 	"github.com/docker/machine/libmachine/engine"
 	"github.com/docker/machine/libmachine/log"
+	"github.com/docker/machine/libmachine/mcnutils"
 	"github.com/docker/machine/libmachine/provision"
 	"github.com/docker/machine/libmachine/provision/pkgaction"
+	"github.com/docker/machine/libmachine/provision/serviceaction"
 	"github.com/docker/machine/libmachine/swarm"
+	"github.com/pkg/errors"
+	"k8s.io/minikube/pkg/minikube/assets"
+	"k8s.io/minikube/pkg/minikube/sshutil"
 	"k8s.io/minikube/pkg/util"
 )
 
@@ -119,7 +126,7 @@ WantedBy=multi-user.target
 
 	return &provision.DockerOptions{
 		EngineOptions:     engineCfg.String(),
-		EngineOptionsPath: p.DaemonOptionsFile,
+		EngineOptionsPath: "/lib/systemd/system/docker.service",
 	}, nil
 }
 
@@ -143,7 +150,7 @@ func (p *BuildrootProvisioner) Provision(swarmOptions swarm.Options, authOptions
 
 	log.Debugf("setting up certificates")
 	configureAuth := func() error {
-		if err := provision.ConfigureAuth(p); err != nil {
+		if err := configureAuth(p); err != nil {
 			return &util.RetriableError{Err: err}
 		}
 		return nil
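Review bot: `EngineOptionsPath: "/lib/systemd/system/docker.service"` is a bare literal, and it points at the vendor unit directory while docker-bin.mk in this same commit installs docker.socket under `/usr/lib/systemd/system`; the two only coincide on a merged-/usr image, and nothing in the code ties the two paths together for a reader. Hoist it to a package-level constant, e.g. `const dockerServiceUnit = "/lib/systemd/system/docker.service"`, with a comment noting that the rendered template replaces the whole service file rather than being a drop-in under /etc. Separately, the file header changes buildroot.go from mode 100644 to 100755; a Go source file has no reason to be executable, so that looks like an accidental chmod. The enclosing function (presumably GenerateDockerOptions, given the call on the new side) starts outside the hunk.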
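Review bot: The closure keeps the name `configureAuth` while it now calls a package-level function also named `configureAuth`; the call inside the literal still resolves to the function because a short-declared variable's scope starts only after its declaration, but from that line on `configureAuth` in Provision shadows the function, which reads like recursion and trips shadow linters. Rename the closure, e.g. `setupAuth := func() error {` (and its later use, which is outside the hunk), or give the new function a more specific name such as `configureBuildrootAuth`. Provision starts and ends outside the hunk.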
@@ -170,3 +177,94 @@ func setRemoteAuthOptions(p provision.Provisioner) auth.Options {
 
 	return authOptions
 }
+
+func configureAuth(p *BuildrootProvisioner) error {
+	driver := p.GetDriver()
+	machineName := driver.GetMachineName()
+	authOptions := p.GetAuthOptions()
+	org := mcnutils.GetUsername() + "." + machineName
+	bits := 2048
+
+	ip, err := driver.GetIP()
+	if err != nil {
+		return errors.Wrap(err, "error getting ip during provisioning")
+	}
+
+	hostCerts := map[string]string{
+		authOptions.CaCertPath: filepath.Join(authOptions.StorePath, "ca.pem"),
+		authOptions.ClientCertPath: filepath.Join(authOptions.StorePath, "cert.pem"),
+		authOptions.ClientKeyPath: filepath.Join(authOptions.StorePath, "key.pem"),
+	}
+
+	for src, dst := range hostCerts {
+		f, err := assets.NewFileAsset(src, filepath.Dir(dst), filepath.Base(dst), "0777")
+		if err != nil {
+			return errors.Wrapf(err, "open cert file: %s", src)
+		}
+		if err := assets.CopyFileLocal(f); err != nil {
+			return errors.Wrapf(err, "transferring file: %+v", f)
+		}
+	}
+
+	// The Host IP is always added to the certificate's SANs list
+	hosts := append(authOptions.ServerCertSANs, ip, "localhost")
+	log.Debugf("generating server cert: %s ca-key=%s private-key=%s org=%s san=%s",
+		authOptions.ServerCertPath,
+		authOptions.CaCertPath,
+		authOptions.CaPrivateKeyPath,
+		org,
+		hosts,
+	)
+
+	err = cert.GenerateCert(&cert.Options{
+		Hosts: hosts,
+		CertFile: authOptions.ServerCertPath,
+		KeyFile: authOptions.ServerKeyPath,
+		CAFile: authOptions.CaCertPath,
+		CAKeyFile: authOptions.CaPrivateKeyPath,
+		Org: org,
+		Bits: bits,
+	})
+
+	if err != nil {
+		return fmt.Errorf("error generating server cert: %s", err)
+	}
+
+	remoteCerts := map[string]string{
+		authOptions.CaCertPath: authOptions.CaCertRemotePath,
+		authOptions.ServerCertPath: authOptions.ServerCertRemotePath,
+		authOptions.ServerKeyPath: authOptions.ServerKeyRemotePath,
+	}
+
+	sshClient, err := sshutil.NewSSHClient(driver)
+	if err != nil {
+		return errors.Wrap(err, "provisioning: error getting ssh client")
+	}
+
+	for src, dst := range remoteCerts {
+		f, err := assets.NewFileAsset(src, filepath.Dir(dst), filepath.Base(dst), "0640")
+		if err != nil {
+			return errors.Wrapf(err, "error copying %s to %s", src, dst)
+		}
+		if err := sshutil.TransferFile(f, sshClient); err != nil {
+			return errors.Wrapf(err, "transfering file to machine %v", f)
+		}
+	}
+
+	dockerCfg, err := p.GenerateDockerOptions(engine.DefaultPort)
+	if err != nil {
+		return errors.Wrap(err, "generating docker options")
+	}
+
+	log.Info("Setting Docker configuration on the remote daemon...")
+
+	if _, err = p.SSHCommand(fmt.Sprintf("sudo mkdir -p %s && printf %%s \"%s\" | sudo tee %s", path.Dir(dockerCfg.EngineOptionsPath), dockerCfg.EngineOptions, dockerCfg.EngineOptionsPath)); err != nil {
+		return err
+	}
+
+	if err := p.Service("docker", serviceaction.Start); err != nil {
+		return err
+	}
+
+	return nil
+}
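Review bot: The `p.SSHCommand(fmt.Sprintf("sudo mkdir -p %s && printf %%s \"%s\" | sudo tee %s", ...))` line splices the rendered unit text into a double-quoted shell string, so any `"`, `$`, backtick or backslash in the engine options (which come from user-supplied daemon flags) is interpreted by the remote shell and can break or alter the command; the function already ships root-owned files with `sshutil.TransferFile`, so the unit should be sent the same way as a memory asset rather than quoted into a command line. The local copy loop above also hands `assets.NewFileAsset` the mode `"0777"` for ca.pem, cert.pem and key.pem; if `CopyFileLocal` applies that mode, the client private key ends up world-readable, and `"0600"` for the key with `"0644"` for the certificates is enough. Smaller points: `fmt.Errorf("error generating server cert: %s", err)` is the one error here not wrapped with `errors.Wrap` like its neighbours, and `"transfering file to machine %v"` is misspelled. The new function also lacks a doc comment; `// configureAuth generates the server certificate, copies the CA and server certs to the VM, writes the rendered docker unit and starts docker.` would do.
```go
	// … unchanged: cert generation and remote cert transfer …
	dockerCfg, err := p.GenerateDockerOptions(engine.DefaultPort)
	if err != nil {
		return errors.Wrap(err, "generating docker options")
	}

	log.Info("Setting Docker configuration on the remote daemon...")

	// Transfer the rendered unit as a file instead of quoting it into a shell
	// command line, so nothing in the engine options is interpreted by the shell.
	unit := assets.NewMemoryAsset([]byte(dockerCfg.EngineOptions),
		path.Dir(dockerCfg.EngineOptionsPath), path.Base(dockerCfg.EngineOptionsPath), "0644")
	if err := sshutil.TransferFile(unit, sshClient); err != nil {
		return errors.Wrap(err, "transferring docker unit file")
	}
	// … unchanged: service start and return …
```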